package com.tpp.threat_perception_platform.service.impl;

import com.tpp.threat_perception_platform.pojo.Account;
import com.tpp.threat_perception_platform.pojo.App;
import com.tpp.threat_perception_platform.pojo.Process;
import com.tpp.threat_perception_platform.pojo.Service;
import com.tpp.threat_perception_platform.service.RiskAssessmentService;


import java.util.HashSet;
import java.util.Set;

@org.springframework.stereotype.Service
public  class RiskAssessmentServiceImpl implements RiskAssessmentService {

    // App 相关关键词
    private final Set<String> highRiskKeywords = new HashSet<>(Set.of("keylogger", "exploit", "malware", "hack", "rootkit"));
    private final Set<String> mediumRiskKeywords = new HashSet<>(Set.of("tool", "debug", "admin", "cmd", "powershell"));

    // Account 相关关键词
    private final Set<String> accountHighRiskKeywords = new HashSet<>(Set.of("admin", "root", "administrator"));
    private final Set<String> accountMediumRiskKeywords = new HashSet<>(Set.of("user", "test", "temp", "guest"));

    @Override
    public String assess(App app) {
        if (isHighRisk(app)) return "高危";
        if (isMediumRisk(app)) return "中危";
        if (isLowRisk(app)) return "低危";
        return "无风险";
    }

    private boolean isHighRisk(App app) {
        return containsKeyword(app.getDisplayName(), highRiskKeywords)
                || isSuspiciousInstallPath(app.getInstallLocation())
                || isKnownMalware(app);
    }

    private boolean isMediumRisk(App app) {
        return containsKeyword(app.getDisplayName(), mediumRiskKeywords)
                || app.getUninstallString() == null || app.getUninstallString().isEmpty();
    }

    private boolean isLowRisk(App app) {
        return isSuspiciousInstallPath(app.getInstallLocation());
    }

    private boolean isKnownMalware(App app) {
        return false; // 可对接外部接口或黑名单
    }

    private boolean containsKeyword(String text, Set<String> keywords) {
        if (text == null) return false;
        text = text.toLowerCase();
        for (String keyword : keywords) {
            if (text.contains(keyword.toLowerCase())) {
                return true;
            }
        }
        return false;
    }

    private boolean isSuspiciousInstallPath(String path) {
        if (path == null) return false;
        return path.contains("System32") || path.contains("Temp");
    }

    @Override
    public String assessAccountRisk(Account account) {
        if (isHighRiskAccount(account)) return "高危";
        if (isMediumRiskAccount(account)) return "中危";
        if (isLowRiskAccount(account)) return "低危";
        return "无风险";
    }

    private boolean isHighRiskAccount(Account account) {
        return containsKeyword(account.getName(), accountHighRiskKeywords)
                || isTrue(account.getDisabled())     // 1 表示禁用
                || isTrue(account.getLockout());      // 1 表示锁定
    }

    private boolean isMediumRiskAccount(Account account) {
        return containsKeyword(account.getName(), accountMediumRiskKeywords)
                || !isTrue(account.getPasswordChangeable()); // 0 或 null 表示不可更改
    }

    private boolean isLowRiskAccount(Account account) {
        return isTrue(account.getPasswordRequired())   // 1 表示必须密码
                || isTrue(account.getPasswordExpires()); // 1 表示密码过期
    }

    private boolean isTrue(Integer value) {
        return value != null && value == 1;
    }

    @Override
    public String assess(Process process) {
        if (isHighRiskProcess(process)) return "高危";
        if (isMediumRiskProcess(process)) return "中危";
        if (isLowRiskProcess(process)) return "低危";
        return "无风险";
    }

    private boolean isHighRiskProcess(Process process) {
        Set<String> highKeywords = new HashSet<>(Set.of("rootkit", "exploit", "malware", "hack", "keylogger"));
        return containsKeyword(process.getName(), highKeywords)
                || containsKeyword(process.getCmd(), highKeywords)
                || (process.getPriority() != null && process.getPriority() < 0); // 实时优先级通常小于0
    }

    private boolean isMediumRiskProcess(Process process) {
        Set<String> mediumKeywords = new HashSet<>(Set.of("admin", "tool", "debug", "powershell", "cmd"));
        return containsKeyword(process.getName(), mediumKeywords)
                || containsKeyword(process.getCmd(), mediumKeywords)
                || (process.getPriority() != null && process.getPriority() == 13); // 默认优先级是13，过高可能异常
    }

    private boolean isLowRiskProcess(Process process) {
        return process.getDescription() != null && process.getDescription().contains("system");
    }

    @Override
    public String assess(org.springframework.stereotype.Service service) {
        if (isHighRiskService((Service) service)) return "高危";
        if (isMediumRiskService((Service) service)) return "中危";
        if (isLowRiskService((Service) service)) return "低危";
        return "无风险";
    }

    @Override
    public String assess(Service service) {
        if (isHighRiskService((Service) service)) return "高危";
        if (isMediumRiskService((Service) service)) return "中危";
        if (isLowRiskService((Service) service)) return "低危";
        return "无风险";
    }


    private boolean isHighRiskService(Service service) {
        return service.getName() != null && (
                service.getName().contains("telnet") ||
                        service.getName().contains("ftp") ||
                        Integer.parseInt(service.getPort()) < 1024
        );
    }

    private boolean isMediumRiskService(Service service) {
        return service.getName() != null && (
                service.getName().contains("http") ||
                        service.getName().contains("ssh")
        );
    }

    private boolean isLowRiskService(Service service) {
        return service.getProduct() != null && service.getProduct().contains("system");
    }
}
